Risk Management within Chief Executives and Corporate Finance



Similar documents
Revised Risk Management Policy and Framework. Report by Head of Finance

The Risk Management strategy sets out the framework that the Council has established.

People Strategy 2013/17

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

Internal Audit Monitoring Report. Audit Report status Assurance. Payroll Final Limited

Version: 3.0. Effective From: 19/06/2014

RISK MANAGEMENt AND INtERNAL CONtROL

Bedford Group of Drainage Boards

Policy Document Control Page

Business Continuity Management. Policy Statement and Strategy

NHS Lancashire North CCG Business Continuity Management Policy and Plan

Internal Audit Strategic and Annual Plans 2015/16

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Security around the Oracle platform. Report by the Director of Finance and Head of ICT

Corporate Services Business Plan 20015/16- Day to Day Tasks. Corporate Services, Performance Management. Signed off: G Walsh

ICT Internal Audit Strategy to Report by the Head of Finance

IT Assurance - Business Continuity and Disaster Recovery

BUSINESS CONTINUITY STRATEGY

APPENDIX C. Internal Audit Report South Holland District Council Project Management

Bridgend County Borough Council. Corporate Risk Management Policy

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

RISK MANAGEMENT STRATEGY

Corporate Risk Management Policy

Outsourcing and third party access

KEY STRATEGIC RISKS. Northumberland Sustainable Community Strategy

Risk Management Policy

City and County of Swansea. Human Resources & Workforce Strategy Ambition is Critical 1

Quality and Engagement Sub Committee

Bedfordshire Fire and Rescue Authority Corporate Services Policy and Challenge Group 9 September 2014 Item No. 6

APPENDIX 2 GENERIC OPERATIONAL RISKS RISK TABLES & ADDITIONAL ACTION PLANS MONITORING REPORT MARCH 2006

Risk Management Strategy

Risks and uncertainties

Financial Planning Assessment Vale of Glamorgan County Borough Council. Audit year: Issued: January 2015 Document reference: 620A2014

Principal risks and uncertainties

SR0001 Maintaining Business Continuity including the Council s response to major civil emergencies. (Interim Programme Lead)

Minutes of the meeting of 30 June 2014

Risk Management and Business Continuity Strategy.

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

BUSINESS CONTINUITY MANAGEMENT REPORT (2014/15)

BROMSGROVE DISTRICT COUNCIL PERFORMANCE MANAGEMENT BOARD 16 DECEMBER 2008 PERFORMANCE MANAGEMENT BOARD PROPOSED PROGRAMME 2008/09

Business Continuity Management Framework

Going concern assumption for NHS foundation trust accounts

Risk Management Strategy

LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT

BUSINESS CONTINUITY MANAGEMENT POLICY

Information Governance Policy (incorporating IM&T Security)

Information Governance Strategy

CHANGE MANAGEMENT PLAN

F I N A N C I A L R E G U L A T I O N S

Business Continuity Management Policy and Plan

INFORMATION GOVERNANCE POLICY

TRANSPORT FOR LONDON AUDIT COMMITTEE STRATEGIC RISK MANAGEMENT PROGRESS REPORT

Review of the Management of Sickness Absence Conwy County Borough Council

Subject: Resource & Governance Business Plan 2014/15

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013

A guide for members APES 325 Risk Management for Firms

Risk Management & Business Continuity Manual

Principal risk Change Impact Mitigation Relevance to

Regulatory Standards of Governance and Financial Management

Trust Board Report. Review of the effectiveness of the IM&T Committee

Harrow Business Consultative Panel. Business Continuity Management. Responsible Officer: Myfanwy Barrett Director of Finance and Business Strategy

Business case Customer Experience Service Desk

Shepway District Council Risk Management Policy

South Norfolk Council Business Continuity Policy

The Lowitja Institute Risk Management Plan

IS INFORMATION SECURITY POLICY

Confident in our Future, Risk Management Policy Statement and Strategy

Corporate Health and Safety Policy

Risk Management Programme Guidelines

Cumbria Constabulary. Business Continuity Planning

NORTH YORKSHIRE FIRE AND RESCUE AUTHORITY FINANCIAL MANAGEMENT FRAMEWORK SECTION A INTRODUCTION

Information Governance Policy

1.1 Terms of Reference Y P N Comments/Areas for Improvement

Annual Governance Statement

Business Continuity Policy & Plans

BUSINESS CONTINUITY PLANNING

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

HUMAN RESOURCES STRATEGY & UPDATE

Risk Management Strategy

Summary of Information Technology General Control Environment Findings for the year ended 30 June 2015

Capital Market Services UK Limited Pillar 3 Disclosure

Business Continuity Management Policy

ARGYLL AND BUTE COUNCIL SUPPORT SERVICES REVIEW 15 DECEMBER 2011 SUMMARY REPORT

Internal Audit Report Disaster Recovery / Business Continuity Planning

Chairman s Statement. Contents & Introduction. Introduction

Internal Audit - progress report and plan

council s Budget and Financial Planning Framework

SCRUTINY COMMITTEE ITEM MARCH 2012

Emergency Management and Business Continuity Policy

Guidance notes: Financial Planning & Managing Risk

Managing Risk in Procurement Guideline

The English Nature and Joint Committee of Staff

Bath and North East Somerset Council - Resources Directorate Plan 2016/17 to 2019/20

Risk Management Policy and Framework

Risk Management Guide

Annual Governance Statement 2013/14

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

Business Continuity Management (BCM) Policy

DERBYSHIRE COUNTY COUNCIL AUDIT COMMITTEE. 30 July Report of the Deputy Chief Executive and Head of Corporate Finance

RISK ASSESSMENT MATRIX GUIDANCE NOTES

Transcription:

Report to Corporate Affairs Review Panel 21 November 2007 Item No 11 Risk Management within Chief Executives and Corporate Finance Report by the Chief Executive, Director of Corporate Resources and Cultural Services, and Head of Corporate Finance This report updates the Review Panel on the approach being undertaken to formally manage risk within the services covered by this Review Panel. It includes each service s risk register for consideration. 1 Background 1.1 This report is in accordance with the Authority s Risk Management Framework, which requires all departments to report six monthly to their relevant Review Panel. The aim of these reports is to improve the understanding and governance of risk management activities by Members. 1.2 This report provides information on the key risks faced by the departments and the controls in place to manage them. 2 Risk review 2.1 The risk registers reflect those key business risks that, if not managed appropriately, could result in the services failing to achieve one or more of their key objectives. The recording of a risk on the register is not an indicator that the event is happening. 2.2 The registers are live documents utilising the authority s new Performance and Risk Management System (PRISM). They are reviewed regularly by the Risk Owners and reported to departmental management teams. With the registers being kept as live documents and reviewed regularly, they do change over time the level of some risks will change, some risks will be removed and new ones will be added. 2.3 As an example, the Corporate Finance register contained 3 High and 7 Medium risks at November 2006 whereas now it shows 2 High, 4 Medium and 1 Low. Certain risks have been removed from the register because the controls that have been put in place mean the risks are now being managed by routine processes and so management no longer

need to take a specific interest. Appendices 1 and 2 provide details of the risks of both services as at October 2007. 2.4 Any risks deemed to be of corporate significance or that require management at a corporate level are escalated to the Corporate Risk Register where they are monitored by the Chief Officers Group. For the services that report to this Review Panel the only such risks are risk number 7 on Appendix 1 (Failure to consistently manage financial resources) and risk no 8 on Appendix 2 (Failure to deliver the efficiency programme). Both of these risks are felt to be well controlled and do not cause any undue concerns. 2.5 The registers show that most of the risks have good or improving prospects of being managed sufficiently to meet the targets (called the aspiration scores ). There are, however, three risks where the prospects of reducing the risk to the target are judged as weakening. These are risk no 1 on Appendix 1 and risks no 5 and 6 on Appendix 2. 2.6 These three risks relate to a potential failure to recruit and retain key staff within each of the services and a potential reduction in capacity at the corporate centre within Chief Executives. The weakening prospects are primarily due to uncertainties around the outcomes of the Local Government Review for Norfolk. 3 Resource Implications 3.1 Finance: There are no direct financial implications arising from this report. However, continuing improvement in the application of risk management within the services will contribute to improving the use of resources, including financial resources, across the services. 4 Section 17 Crime and Disorder Implications 4.1 While there are no direct implications, the risk management activities within Corporate Finance do contribute towards maintaining robust controls against the risk of fraud. 5 Conclusion 5.1 Risk Management is now an active process within the services that report to this Panel. The risk registers demonstrate that key strategic and operational risks are being identified and effectively managed. 6 Recommendation 6.1 This Panel is asked to consider this report and appendices, and provide any comments in relation to the risks reported and actions identified for the continued embedding of risk management across Chief Executive s and Corporate Finance.

Officer Contacts, Director of Corporate Resources and Cultural Services, 01603 222609 or email paul.adams@norfolk.gov.uk Paul Brittain, Head of Finance, 01603 222400 or email paul.brittain@norfolk.gov.uk John Baldwin, Risk and Insurance Manager 01603 224466 or email john.baldwin@norfolk.gov.uk If you need this report in large print, audio, Braille, alternative format or in a different language please contact John Baldwin, Tel: 01603 224466, Minicom: 0844 8008011, and we will do our best to help.

CORPORATE FINANCE RISK REGISTER - CARP NOVEMBER 2007 APPENDIX 1 1 RM DF Failure to recruit and retain key staff Risk of failure to recruit and retain key staff across the finance service Could lead to services (including statutory services) not being delivered at an adequate level, which could impact upon the achievement of key corporate priorities. Rating: High 12 1 Poor RM DF Consider Slippage in successor planning implementing MRS is RM DF Identify leading to increased critical posts/staff levels of uncertainty RM DF Implement over outcomes MRS RM DF Operate People Management Strategy Unlikely on going Weakening CP OOB Value for Paul Brittain 2 RM DF Failure to deliver during change Failure to deliver services effectively while managing, delivering or supporting change programmes. Leads to either change programmes not being delivered appropriately, such as efficiency savings, support services review, etc, or adverse effects on regular service delivery Rating: High 12 1 Poor RM DF Agree resource plan for projects RM DF Dept to contrib to major projects RM DF Use formal PM guidelines Being kept under review by regular scrutiny by Exec board Rating: High 12 on going Improving CP OOB Value for Paul Brittain 3 RM DF Failure to perform daily TM process Failure to perform daily Treasury Management process (or part there of) due to system failure, disaster scenario, or unavailability of relevant staff. Leads to: Liquidity Risk - inability to manage cash or insufficient cash to achieve business objectives. Credit/ Counterparty Risk - unable to perform and monitor investment transactions. Risk of financial loss - through error, or inability to invest/manage overdrafts. Impact on business reputation. 2 Reasonable RM DF Create risk register for TM function RM DF Develop Disaster recovery plans RM DF Facilitate TM/Banking seminar RM DF Maintain current controls Development of the Disaster Recovery plans and joint working agreements are progressing well Sept 07 Good CP OOB Value for Nicola Mark

CORPORATE FINANCE RISK REGISTER - CARP NOVEMBER 2007 APPENDIX 1 4 RM DF Failure of fin regs monitoring The risk that the monitoring and supervision systems for financial regulations could fail. Leading to breaches of legislation, fines, loss of grants, poor audit opinions or poor publicity, whether caused by third party contractors or NCC staff. Both internal audit and external were of the opinion that controls needed to be tightened and strengthened Unlikely 2 Reasonable RM DF Develop Fin Man guidance RM DF Implement Fin Man strategy RM DF Integrate CHS into DF Procedures and any revisions to practices or control mechanisms are now available on the intranet site and all relevant staff are encouraged to check regularly. There is regular monitoring of financial systems Unlikely on going Good CP OOB Value for Harvey Bullen 5 RM DF Failure to manage contractor relationships Failure to manage relationships with contractors. Leading to the risk that performance of contracts and suppliers is not monitored leading to poor value for money and undesired outcomes. Unlikely 2 Reasonable RM DF Carry out post contract audits RM DF Develop contract man support RM DF Implement contract selfevaluation Contracts database being developed. More robust procedures now in place for key contracts. Unlikely Dec 07 Improving CP OOB Value for Jane Waring 6 RM DF Prevent fraud in the TM area Failure to prevent fraud in the Treasury Management area Rare 2 Reasonable RM DF Maintain robust TM systems Rating: Medium 5 Risk is at target and is now being monitored only Rare Rating: Medium 5 on going Good CP OOB Value for Nicola Mark 7 RMCP DF Failure to consistently manage financial resources Risk of failure to consistently manage financial resources. Effective financial management is an intrinsic element of strong and effective service management. Failures in financial management can impact on delivery of the Council's service priorities. Unplanned overspending results in the need to redirect resources and may require mid year cuts in planned services. Poor financial management also affects the Audit Commission's judgements, particularly 'CPA Use of Resources.' Rare Rating: Low 3 3 Good RMCP Implement Financial Improvement Plan The Financial Management Improvement Plan has been refreshed and was reported to CARP in May 2007. Periodic updates will continue to be made on progress in delivering the activities within the Plan. Rare Impact: Minor Rating: Low 2 Mar 08 Improving CP OOB Value for Paul Brittain 4 Unknown

CHIEF EXECUTIVE'S DEPARTMENT RISK REGISTER - CARP NOVEMBER 2007 APPENDIX 2 1 RM CEX Failure of ICT The risk of failure of ICT, as a result of a major incident, infrastructure failure or other breakdowns. As NCC is now very ICT dependent in the delivery of services, any prolonged failure would lead to significant disruption. Rating: High 15 1 Poor Implement ICT Medium Term Plan Improve risk management processes Maintain overall ICT Risk Register Maintain risk registers for all major ICT projects ICT Security Forum meets regularly and areas of high risk are prioritised for actions. Implementation of the ICT Medium Term Plan is progressing well, incorporating actions to improve disaster recovery and business continuity Unlikely Rating: High 10 Ongoing Good CP OOA Customer Focus 2 RM CEX Failure to deliver MRS Failure to successfully deliver and implement an acceptable proposal Unlikely for the Modern Reward Strategy by the due date. Rating: High 10 Leads to not meeting a national agreement, employee relations issues and severe budget problems. 1 Poor Project risk log Increase project resources Reprioritise HR resources Rigorous project management Unlikely CP OOC Develop & Support Workforce Anne Gibson 3 RM CEX Failure to manage sickness absence Failure to manage sickness absence will lead to reduced levels of productivity and raised costs in covering front-line staff. 2 Reasonable Implement IHRIS Implement sickness absence policy Implement wellbeing programme Introduce managing stress policy Sickness management training Unlikely Ongoing Improving CP OOC Develop & Support Workforce 4 RM CEX Financial deficits in trading units Financial deficits for the trading units (eg CTD, Legal Services) or loss of external income for unforseen reasons (eg Registrars, Coroners) will lead to budget overspends and reductions in services. 2 Reasonable Business planning/monitoring approach Reduce exposure Regular monitoring keeps this risk under control Unlikely March 08 Good CP OOB Value for

CHIEF EXECUTIVE'S DEPARTMENT RISK REGISTER - CARP NOVEMBER 2007 APPENDIX 2 5 RM CEX Reduced capacity at Corporate centre Failure to ensure that there is sufficient capacity at the Corporate Centre as resources are switched to front line services as a result of funding constraints. Leading to key staff becoming overloaded and a failure to drive the organisation forward in key areas, such as performance management and partnership development. 2 Reasonable Demonstrate value of capacity at centre Engage wider group in activities Prioritising work Uncertainty arising out of the LGR may well impact on planning and development activities Unlikely Ongoing Weakening CP OOA Customer Focus 6 RM CEX Failure to recruit and retain key staff Failure to recruit and retain key staff could lead to a lack of leadership and possible deterioration of services 2 Reasonable Develop key staff Implement MRS Make NCC an attractive place to work In the longer term this risk Unlikely will be addressed by MRS but short term uncertainties caused by LGR are not helping Ongoing Weakening CP OOC Develop & Support Workforce Anne Gibson 7 RM CEX Failure of Coroners Service to meet NCC requirements 8 RMCP CEX Failure to deliver the efficiency programme The Coroner's Service is predominantly demand driven and officers are not subject to local authority control or accountabilities in how they carry out their functions. This could potentially lead to an overspend on the budgets allocated by the County Council. Risk of failing to deliver the efficiency programme and achieve adequate returns on the investment in organisational change. Leads to efficiency savings not being delivered as part of the Gershon Review recommendations and increased pressure on core budgets. Unlikely 2 Reasonable Better Ways of Working project Regular meetings with Coroners 2 Reasonable RMCP CEX Informal Member Steering group established RMCP CEX Weekly reporting to Chief Exec and Dir of CR 4 Unknown Better Ways of Working project is progressing and new procedures to reduce costs are implemented Unlikely Unlikely March 08 Good CP OOB Value for Met target Met target CP OOB Value for Ian Lambert Paul Carter

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information